You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

I'm simply posting this thread as a reminder or "note" for those who gets infected by any Cryptowares other than CryptoLocker and who tries to use the website DecryptCryptolocker.com by FireEye and Fox IT to decrypt their encrypted files. You cannot decrypt files from any other Cryptowares other than CryptoLocker on this website. The online service "Decrypt CryptoLocker", by FireEye and Fox IT can only be used to decrypt files that were encrypted by the original Cryptoware, CryptoLocker. This is possible because during the Operation Tovar that was used to shut down the GameOver ZeuS botnet, which was used to distribute CryptoLocker, they seized servers where the private keys used for encryption by CryptoLocker were uploaded to. After that, they set up the DecryptCryptolocker.com website that allows you to upload a CryptoLocker encrypted file and it'll test it against the 50,000 private keys they retrieved from the server to see if one matches your encryption private key If it does, they'll send you a decrypter executable along with your private key. Therefore, files encrypted by any other Cryptoware other than CryptoLocker cannot be decrypted via this service.

The reason I'm posting this thread is because I've seen quite a few threads and replies in the Cryptoware Support threads lately of people that tried to use that website to decrypt their files that were encrypted by CryptoDefense, CryptoWall, TorrentLocker, etc. and complaining that it wasn't working or failed.

I know this thread might be ignored by newcomers, but for those of you who took the time to read it, at least you'll know what this is all about and why DecryptCryptolocker.com cannot be used to decrypt non-CryptoLocker encrypted files.

Depending on which Cryptoware you were infected with, there's a chance that you might be able to recover your files. Also, the DecryptCryptolocker website wouldn't have helped you since it was made for the original CryptoLocker infected that was shutdown during Summer 2013, and isn't spread anymore. Do you have any ransom notes on your system? If so, can you give us the name of the ransom files (.txt, .png, .bmp, .html, etc.) and copy/paste their content here (you can remove the ids if you want)?